Author Topic: asw5Not2.exe  (Read 6000 times)

Offline Sandra123777

  • Newbie
  • *
  • Posts: 5
    • Personal Message (Offline)
asw5Not2.exe
« on: June 30, 2010, 12:05:20 AM »
Comodo says asw5not2.exe is trying to access MDM.exe in memory. I noticed this odd behavior and massive slowdown of my machine and decided I must have a virus. I can find no legitimate reference to asw5Not2.exe on the web.

I've run Malwarebytes, Avira, Kaspersky, and Combofix.exe. There doesn't seem to be a problem these programs can find. I'm thinking of rolling my hard drive back one day to see if that fixes things. FYI I did just apply a pile of Microsoft patches.

In the course of running Combofix.exe I uninstalled avast since I couldn't stop it from running.  (I should also note I booted in safe mode and I couldn't find any sign of avast running either).

So here I am *after* uninstalling avast, and I'm *still* getting messages about asw5not2.exe.  Also aswUpdSv.exe is running.

Is this a virus, or just some poor configuration making a mess?

Thanks!

Online Tech

  • avast! team
  • Certainly Bot
  • *
  • Posts: 64891
  • Gender: Male
    • Personal Message (Online)
Re: asw5Not2.exe
« Reply #1 on: June 30, 2010, 01:24:20 AM »
Why do you think asw5not2.exe is an avast file?
In which folder is it?
Please, send it to www.virustotal.com
The best things in life are free.

Offline Sandra123777

Re: asw5Not2.exe
« Reply #2 on: June 30, 2010, 02:35:21 AM »
I can't get an exact error message since I'm restoring from backup right now (on a fresh disk), but I get a popup that says it's an avast file that looks legit. Also avast then fails and one of the processes fails. Again I get a dialog box that says this. I'm not sure where the file is located, but I'll look after I get my machine back. Acronis backup restore says this will take around 9 hours.

What is the safe way to find and send this file? I can put the disk back in the machine, search for the file, and then somehow send it. Or I can attach it to my Mac.

Thanks!

Online Tech

Re: asw5Not2.exe
« Reply #3 on: June 30, 2010, 02:37:49 AM »
Just go to the site, click to upload the file, browse for the file in your computer and click ok...

Offline Sandra123777

Re: asw5Not2.exe
« Reply #4 on: June 30, 2010, 08:39:22 PM »
I've uploaded it and the service says that asw5Not2 is signed by ALWIL Software. It was signed at 6:32 pm on 6/14/2010. Just for kicks I also analyzed ashUpd.exe since that seems to call asw5Not2.exe. It also seemed to be signed properly. I'll recover to backups from before this asw5Not2 file showed up :(.

If you are trying to track down this bug, it might be Comodo-related. Maybe I didn't allow something to run during one of your update processes that I should have allowed. Or it was blocked, or something like that. Or there is a real problem here. Hard to say.

Sandra

Offline polonus

  • avast! Überevangelist
  • Maybe Bot
  • *****
  • Posts: 20172
  • Gender: Male
  • malware fighter
    • Personal Message (Offline)
Re: asw5Not2.exe
« Reply #5 on: June 30, 2010, 09:15:21 PM »
Hi Sandra123777,

Yes, Comodo can give you the proverbial pain in the back of your neck hairs. Maybe you read the solution of the issue at their forums.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Online Tech

Re: asw5Not2.exe
« Reply #6 on: June 30, 2010, 10:34:57 PM »
"I've uploaded it and the service says that asw5Not2 is signed by ALWIL Software."
Where is it located? I mean, the file path.

Offline Sandra123777

Re: asw5Not2.exe
« Reply #7 on: July 01, 2010, 04:27:38 PM »
The file is located in Program Files:AWIL Software: Avast 4.  I just restored from backup to just before this showed up.  I noticed there was no asw5Not2.exe in that location. About 5 minutes after booting I got a popup saying my avast version was out of date and I should upgrade.  I call this a sales type promotion.  It also looked legit.  I believe it came from the update software I mentioned earlier.  After I closed the window, the asw5Not2.exe file showed up.

It really looks like an avast file to me. Can you confirm? If it's not, this is one sneaky piece of malware.

Sandra

Offline DavidR

  • avast! Überevangelist
  • Certainly Bot
  • *****
  • Posts: 69240
  • Gender: Male
  • No support PMs thanks
    • Personal Message (Offline)
Re: asw5Not2.exe
« Reply #8 on: July 01, 2010, 05:34:22 PM »
So are you still using avast 4.x, and if so, what Home/Pro and what version, e.g. 4.8.1368, etc.?

It is highly unlikely anyone in these forums will be able to confirm that if, as you say, it is in the avast4 folder, as avast 5 has been out for over 5 months now. I had avast 4.x for almost 6 years before installing avast5 and this file name isn't one that I'm familiar with, certainly not in the avast4 folder.

So my advice would be to do a clean install of the latest version of avast5:
- Download the latest version of avast, 5.0.594 http://files.avast.com/iavs5x/setup_av_free.exe and save it to your HDD, somewhere you can find it again (if you didn't save your last download). Use that when you reinstall.

- Download the avast! Uninstall Utility, aswClear5.exe find it here and save it to your HDD (it has uninstall tools for both 4.8 and 5.0).
  1. Now uninstall (using add remove programs, if you can't do that start from the next step), reboot.
  2. Run the avast! Uninstall Utility from safe mode, first for 4.8 if previously installed and then for 5.0, once complete reboot into normal mode.
  3. Install the latest version, reboot.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2014 9.0.2018/ Outpost Firewall Pro9.1/ Firefox 28.0, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.0.1/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline Sandra123777

Re: asw5Not2.exe
« Reply #9 on: July 01, 2010, 06:13:50 PM »
Thanks for the help.  I'll start uninstall/reinstall process.

FYI, The current version is Build: sep2009 (4.8.1368)
Xtreme Toolkit version 1.9.4.0
Using Active Skin Version 4.2.7.3

Offline DavidR

Re: asw5Not2.exe
« Reply #10 on: July 01, 2010, 07:00:24 PM »
You're welcome.

I think it's best to get avast 5 and do a clean reinstall as it provides better protection than 4.8 with extra features that aren't in 4.8. It also has a new User Interface (no more skins), which whilst different is much easier to find your way round.

 
